Computer Security
[EN] securityvulns.ru no-pyccku


Jasper library multiplesecurity vulnerabilities
Published:20.03.2009
Source:
SecurityVulns ID:9759
Type:library
Threat Level:
5/10
Description:Integer overflow on JPEG2000 processing, format string vulnerability, symbolic links problem.
Affected:JASPER : JasPer 1.900
CVE:CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.)
 CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.)
 CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.)
Original documentdocumentUBUNTU, [USN-742-1] JasPer vulnerabilities (20.03.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod